
SolarWinds

Cyberattack


U.S. officially expelled 10 diplomats over SolarWinds attack linked with Russia

Russia has been sanctioned by the U.S., and ten diplomats have been formally expelled over the SolarWinds cyberattack.

18-Apr-2021

On Thursday, the U.S. and U.K. formally attributed the supply chain attack on IT infrastructure management organization SolarWinds, with “high confidence,” to government operatives working for Russia’s Foreign Intelligence Service (SVR).

"Russia's pattern of malign behavior around the world – whether in cyberspace, in election interference, or the aggressive operations of their intelligence services – demonstrates that Russia remains the most acute threat to the U.K.'s national and collective security," the U.K. government said in a statement.


The U.S. Department of the Treasury levied sweeping sanctions against Russia for "undermining the conduct of free and fair elections and democratic institutions" in the U.S., as well as for its role in facilitating the sprawling hack of SolarWinds. The Treasury has also restricted six technology organizations in the nation that provide support to the cyber program run by Russia's intelligence services. The Biden administration is expelling ten members of Russia's diplomatic mission in Washington, D.C., including representatives of its intelligence services.

"The scope and scale of this compromise combined with Russia's history of carrying out reckless and disruptive cyber operations make it a national security concern," declared the Treasury Department. "The SVR has put at risk the global technology supply chain by allowing malware to be installed on the machines of tens of thousands of SolarWinds' customers."

Moscow, for its part, had previously denied involvement in the broad-scope SolarWinds campaign, stating "it does not conduct offensive operations in the cyber domain."

The intrusions came to light in December 2020, when FireEye and other cybersecurity firms revealed that the operators behind the espionage campaign had managed to compromise the software build and code signing infrastructure of the SolarWinds Orion platform as early as October 2019, using it to deliver the Sunburst backdoor and gather sensitive information.


The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have jointly released an advisory alerting businesses to APT29's active exploitation of five publicly known flaws to gain initial footholds into victim devices and networks.

Pulse Secure said that the issue detected by the NSA concerns a vulnerability that was patched on legacy deployments and that "customers who followed the instructions in a Pulse Secure security advisory issued at that time have properly protected their systems and mitigated the threat."

"We see what Russia is doing to undermine our democracies," said U.K. Foreign Secretary Dominic Raab. "The U.K. and the U.S. are calling out Russia's malicious behavior to enable our international partners and businesses at home to better defend and prepare themselves against this kind of action."